aboutsummaryrefslogtreecommitdiff
From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Thu, 28 Feb 2019 20:29:00 +0100
Subject: [PATCH] netpbm: Fix CVE-2017-2587.

Copied verbatim from Debian[0].

[0]: https://sources.debian.org/data/main/n/netpbm-free/2:10.78.05-0.1/debian/patches/netpbm-CVE-2017-2587.patch

---
diff -urNp old/converter/other/svgtopam.c new/converter/other/svgtopam.c
--- old/converter/other/svgtopam.c	2017-02-08 12:11:02.593690917 +0100
+++ new/converter/other/svgtopam.c	2017-02-08 13:49:38.319029371 +0100
@@ -771,12 +771,17 @@ createCanvas(unsigned int const width,
 
     MALLOCVAR_NOFAIL(canvasP);
 
-    canvasP->width  = width;
-    canvasP->height = height;
-    canvasP->pixels = ppm_allocarray(width, height);
-    canvasP->maxval = maxval;
+    if(canvasP != NULL){
+        canvasP->width  = width;
+        canvasP->height = height;
+        canvasP->pixels = ppm_allocarray(width, height);
+        canvasP->maxval = maxval;
+
+        *canvasPP = canvasP;
+    } else {
+       pm_error("can't allocate memory for canvas");
+    }
 
-    *canvasPP = canvasP;
 }
 
 
/gnu/packages/patches/ffmpeg-jami-libopusenc-reload-packet-loss-at-encode.patch?id=de002b93dbc3aace41e0fbfc5c717ab73c9a1aa1'>gnu: ffmpeg-jami: Relocate to (gnu packages video)....To avoid Guile module dependency cycles, inherited packages must be defined in the same module. Use this opportunity to simplify the patches applying mechanism, versioning custom patches the same as for other packages. * gnu/packages/patches/ffmpeg-jami-change-RTCP-ratio.patch: New file. * gnu/packages/patches/ffmpeg-jami-rtp_ext_abs_send_time.patch: Likewise. * gnu/packages/patches/ffmpeg-jami-libopusdec-enable-FEC.patch: Likewise. * gnu/packages/patches/ffmpeg-jami-libopusenc-enable-FEC.patch: Likewise. * gnu/packages/patches/ffmpeg-jami-libopusenc-reload-packet-loss-at-encode.patch: Likewise. * gnu/packages/patches/ffmpeg-jami-remove-mjpeg-log.patch: Likewise. * gnu/packages/patches/ffmpeg-jami-screen-sharing-x11-fix.patch: Likewise. * gnu/local.mk (dist_patch_DATA): Register them. * gnu/packages/jami.scm (jami-apply-custom-patches): Delete procedure. (%ffmpeg-default-configure-flags): Delete variable. (ffmpeg-compose-configure-flags): Delete procedure. (ffmpeg-jami): Move to... * gnu/packages/video.scm (ffmpeg-jami): ... here. Apply patches to origin and repatriate configure flags. Change-Id: Id374fae18240cd76b224915d80b61422635ccb77 Maxim Cournoyer